Data protection
1. Controller
Responsible for the collection, processing and use of your personal data within the meaning of the GDPR is:
CustAI by Mark P. Rasch
Einzelunternehmen
Wasentegernbach 77a
84405 Dorfen
E-mail: contact@cust-ai.com
Managing Director: Mark Phillip Rasch
1.1 Name and contact details of the data protection officer
Mark Phillip Rasch
Phone: +49 (0) 176 8488-1067
E-mail: mark.rasch@cust-ai.com
1.2 Legal Bases for Processing
Insofar as we obtain the consent of the person concerned for the processing of personal data, Article 6 paragraph 1 letter a of the General Data Protection Regulation (GDPR) serves as the legal basis.
We process your personal data for contract processing and rely on Article 6 Paragraph 1 Letter b GDPR as the legal basis. This also applies to processing operations to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 paragraph 1 letter f DSGVO serves as the legal basis for the processing. Our interests in data processing are, in particular, ensuring the operation and security of the website, investigating how visitors use the website and simplifying the use of the website.
1.3 General
Types of data processed:
Contact information (e.g. email, phone numbers);
content data (e.g. text input, photographs);
Usage data (e.g. websites visited, interest in content, access times);
Meta/communication data (e.g. device information, IP addresses);
Affected people
Visitors and users of the online offer. In the following, we also refer to the data subjects as "users".
purpose of processing
Provision of the online offer, its functions and content;
Answering contact requests and communicating with users;
Reach measurement/marketing
Terms used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who is identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is broad and encompasses practically every handling of data.
The "responsible person" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
Hosting
We have commissioned IONOS SE to operate and provide this website. Their data centers meet various certifications, including ISO 27001.
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this website on the basis of our legitimate interests in making this online offer available efficiently and securely in accordance with Article 6 Paragraph 1 Letter f GDPR in conjunction with Article 28 GDPR (conclusion of order processing contract).
The data centers are located in the European Union. Insofar as personal data from EU citizens is brought to data centers outside the European Union, we only transfer data to a third country if there is an adequacy decision in accordance with Article 45 GDPR or suitable guarantees in accordance with Article 46 GDPR. As a rule, we achieve suitable guarantees in accordance with Article 46 GDPR and an appropriate level of data protection by concluding the standard contractual clauses (SCC) issued by the European Commission with the receiving body.
storage duration
Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.
2. General use of this website
2.1 Cookies
Once you contact us, we receive and store certain information. Among other things, we use so-called cookies and flash cookies and receive certain information as soon as your web browser opens the CustAI website and other content provided by or on behalf of CustAI on other websites. Cookies and Flash cookies are text files that are transferred to your computer via a web browser or other programs. This enables our system to recognize your browser and to offer you various services. The process of your visit to our site is supported by the use of cookies.
2.2 Access Data
CustAI collects information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our online offer (so-called server log files). The access data includes name and URL of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.
We use this log data without assignment to your person or other profiling for statistical evaluations for the purpose of operation, security and optimization of our online offer, but also for anonymous recording of the number of visitors to our website (traffic) and the scope and type of traffic Use of our website and services. This information allows us to analyze traffic, troubleshoot and fix errors, and improve our services. We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on specific indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service. We also save IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).
The legal basis for data processing is Article 6 Paragraph 1 Clause 1 Letter f GDPR. Our legitimate interest follows from the data collection purposes listed above.
2.3 Contacting us by email or contact form
Processing purposes and legal bases
We make it easy for you to contact us with a general email address and a contact form. The data you provide or enter will be stored for the purpose of individual communication, such as processing your request. We thus ensure that an exchange with you and the processing of further inquiries always takes place promptly.
By entering your data in our contact form, you consent to the processing of this data. Consent is the legal basis for processing in accordance with Article 6 Paragraph 1 Letter a GDPR.
If you contact us to request an offer, the data entered in the contact form will be processed to carry out pre-contractual measures in accordance with Article 6 Paragraph 1 Letter b GDPR.
storage duration
Data will be deleted no later than 6 months after processing the request.
If there is a contractual relationship, we are subject to statutory retention periods of up to ten years.
Necessity of Provision
The provision of personal data is not required by law or contract. However, it is not possible to process the request without this information.
contradiction
Information about your right of objection can be found under point 3.6 of this data protection declaration.
2.4 Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.
Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. B. write posts on our online presence or send us messages.
Integration of third-party services and content
Within our online offer, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 Paragraph 1 Letter f DSGVO) in order to be able to offer their content and services, e.g . B. to include videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our online offer, as well as being linked to such information from other sources.
YouTube
We include videos from the "YouTube" platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated.
3. Rights of the data subject
Under the applicable laws, you have various rights in relation to your personal data. If you would like to assert these rights, please send your request by post or email, clearly identifying yourself, to the contact details listed under Sections 1 and 1.1. As the data subject, you have the following rights:
3.1 Right to Information
You have the right to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if they were not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details.
3.2 Right to Rectification
You have the right to demand that we correct any incorrect personal data concerning you without undue delay. Taking into account the purposes, you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.
3.3 Right to Erasure ("Right to be Forgotten")
You have the right to ask us to delete personal data concerning you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based in accordance with Article 6 paragraph 1 GDPR letter a or Article 9 paragraph 2 letter a GDPR and there is no other legal basis for the processing.
You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing (e.g. statutory retention periods), or you object to the processing in accordance with Article 21 (2) GDPR.
The personal data have been unlawfully processed.
Erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
The personal data was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
If we have made personal data public and we are obliged to delete them, we take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you has requested them to delete all links to, or copies or replications of, such personal information.
3.4 Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
the accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you have refused to have the personal data erased and instead requested that the use of the personal data be restricted;
the personal data is no longer required for the purposes of processing, but you need the data to assert, exercise or defend legal claims;
You have lodged an objection to the processing pursuant to Article 21 Paragraph 1 GDPR, as long as it is not certain whether the legitimate reasons of our company outweigh yours.
3.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transmit this data to another person responsible without hindrance from us, provided that
the processing is based on consent pursuant to Article 6 Paragraph 1 Letter a GDPR or Article 9 Paragraph 2 Letter a GDPR or on a contract pursuant to Article 6 Paragraph 1 Letter b GDPR and
the processing is carried out using automated procedures.
When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly by us to another person responsible, insofar as this is technically feasible.
3.6 Right to Object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Article 6 paragraph 1 sentence 1 letter e or f GDPR; this also applies to profiling based on these provisions. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed by us in order to operate direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
3.7 Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
3.8 Right to lodge a complaint with a supervisory authority
In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, where you work or where the alleged infringement took place, if you believe that the processing of your personal data is unlawful.
You can find a list of the supervisory authorities (for the non-public area) with their addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
4. Data Security
We endeavor to take all necessary technical and organizational security measures to protect your personal data from unauthorized access and misuse at all times. We only handle your personal data insofar as this is possible in accordance with data protection regulations.
Insofar as personal data is stored or processed, this is done exclusively by certified data center operators (see under hosting). In order to protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Servers are secured with a firewall and virus protection. Furthermore, backup and recovery processes as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to observe the regulations of the GDPR and the BDSG when handling data.
5. Changes to the Privacy Notice
CustAI by Mark P. Rasch Einzelunternehmen the right to change the data protection notices in order to adapt them to changed legal situations or to changes in the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or parts of the data protection information contain provisions of the contractual relationship with the user, the changes will only be made with the consent of the user.
We ask our users to inform themselves regularly about the content of the data protection information.
5. Data protection information for the chatbots CODY, CBAM-Navigator
Responsible data protection officer
Publisher of these chatbots is CustAI by Mark P. Rasch Einzelunternehmen.
CustAI by Mark P. Rasch
Einzelunternehmen
Wasentegernbach 77a
84405 Dorfen
E-mail:contact@cust-ai.com
As a sole proprietorship, CustAI by Mark P. Rasch is subject to the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
CustAI by Mark P. Rasch Einzelunternehmen takes the protection of your personal data very seriously. In the following data protection declaration, we inform you which data is collected when accessing the chatbots and how we protect the data of visitors. In the course of the further development of our chatbots and the implementation of new technologies, changes to this data protection declaration may become necessary. We therefore recommend that you read our data protection declaration again from time to time.
The data protection officer of CustAI by Mark P. Rasch Einzelunternehmen is at your disposal for questions regarding data protection matters and for further information on the data protection declaration:
Mark Phillip Rasch
Wasentegernbach 77a
84405 Dorfen
E-mail: mark.rasch@cust-ai.com
If you contact our data protection officer with your contact details, we will treat them confidentially and only use them to answer your request. Any other use and in particular a transfer of your contact data will only take place if you expressly agree to this after consultation.
Safe use of the chatbots
Our chatbots can be used securely through the encrypted Hypertext Transfer Protocol Secure connection (HTTPS).
With all necessary technical and organizational security measures according to the current state of the art, we ensure that personal data is protected against unauthorized data access, such as access by unauthorized third parties.
Scope of processing of personal data
Personal data is information that is directly related to your person, for example name, address or telephone number. We only collect and store this data if you provide it to us voluntarily, for example when using the contact form at www.cust-ai.com/contact.
Our chatbots is a text-based dialogue system that can be used to ask questions or communicate concerns in writing. The answer is fully automatic based on text analysis and machine learning. The input and processing of personal data is necessary for the use of the chatbots.
Provision of the chatbots and creation of log files
In order to enable the delivery of the chatbots to the user's computer and to optimize and continuously improve our chatbots, data that may allow identification is automatically stored in a log file on the servers of our IT service provider IONOS SE when using the chatbots stored for a maximum of four weeks.
This concerns the following information:
Date and time of retrieval
Complete conversation history you had with the chatbots
The chat history and the time of use (date and time of retrieval) are deleted at irregular intervals, but no later than after four weeks, whereby no personal data is requested during use and this is also not required for the use of the chatbots. The recorded chat histories are only used to continuously improve the chatbots.
The legal basis for the temporary storage of the log files is Article 6
Paragraph 1 lit. e GDPR in conjunction with Section 3 BDSG.
The collection and storage of the data for the provision of the chatbots and the log files is absolutely necessary for the operation of the chatbots.
In order to object to the collection and storage of clearly personal data that you have accidentally or intentionally entered in the course of the chat, or to delete it, you must contact us. When contacting us, please let us know the personal data you have entered so that we can then delete it. Since the chatbots automatically processes user input and does not request any personal data, only the user can know whether and which personal data was collected and must provide this as a characteristic for the determination when contacting us.
Use of cookies
Our chatbots uses cookies for technical operation. Cookies are small text files that are stored on your computer and saved by your browser.
When calling up our chatbots, a so-called session cookie is used. This ensures that the visitor always stays on the same server within his session and is not directed back and forth between the different servers. Session cookies are automatically deleted after you have finished using the chatbots (end of session).
The cookie mentioned above does not collect any personal data about you, your use of the chatbots or IP addresses. Most browsers are set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent.
If cookies are deactivated for our chatbots, there may be restricted usability.
The legal basis for the temporary storage of the data is Article 6 Paragraph 1 Letter e GDPR.
Possibility to contact CustAI
To contact CustAI in connection with the use of the chatbots and data protection issues, we offer you the opportunity to send inquiries by email. We assure you that the data you collect, such as address or e-mail address, will only be used to process the contact, for the purpose of corresponding with you or for sending requested messages. A transfer to third parties does not take place.
For this we offer you the following e-mail address:
You are free to decide whether and for what purpose you provide your personal data there. Your communications to CustAI via email will be unencrypted.
In all cases, the legal basis for the temporary storage of this data is Article 6 Paragraph 1 Letter e GDPR in conjunction with Section 3 BDSG.
The storage of inquiries in electronic form takes place in accordance with the statutory periods.
protection of minors
Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or guardians. We do not request any personal data from children and young people. We do not knowingly collect such data and do not pass it on to third parties.
Links to websites of other providers
Our online offer contains links to websites of other providers. We have no influence on whether these providers comply with data protection regulations.
Rights of data subjects
You have various rights under the General Data Protection Regulation. Details result in particular from Articles 15 to 18 and 21 GDPR.
right to information
You can request information about your personal data processed by us. In your request for information, you should specify your request to make it easier for us to compile the necessary data. According to Art. 15 Para. 5 GDPR, the information is generally provided free of charge.
Right to Rectification
If the information concerning you is not (or no longer) correct, you can request that it be corrected. If your data is incomplete, you can request that it be completed.
Right to Erasure
You can request the deletion of your personal data. If you have entered personal data in the course of the chat, please address your request to find and delete this data to:
Right to restriction of processing
You have the right to demand that the processing of your data be restricted if
you dispute the accuracy of the data,
the processing of your data is unlawful but you refuse to delete it,
you need to use your data to assert, exercise or defend legal claims and we no longer need them, or
You have lodged an objection to the processing in accordance with Art. 21 (1) GDPR.
right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of data relating to you, which is based on Article 6 Paragraph 1 lit. e GDPR. We no longer process the personal data relating to you unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims on our part.